package com.junjiao.util.web.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.junjiao.util.web.HTMLUtil;
import com.junjiao.util.web.ParameterRequestWrapper;


/**
 * 此过滤器主要从安全的角度过滤非法行为数据
 * 
 * @description: <br>
 * @author:jiaojun
 * @email:junjiao.j@gmail.com
 * @project:汽车问答 zhidao.51auto.com
 * @version:v0.2
 * @date:2013-5-21
 */
public class SafeFilter implements Filter {

	@Override
	public void destroy() {
	}

	@Override
	public void doFilter(ServletRequest req, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req; 
		StringBuffer str;
		String st[];
		StringBuffer keyName;
		Enumeration enu = request.getParameterNames();
		
		HashMap m=new HashMap(request.getParameterMap()); 
		while (enu.hasMoreElements()) {
			keyName = new StringBuffer((String) enu.nextElement());
			if (request.getParameter(keyName.toString()) != null) {
				str = new StringBuffer(request.getParameter(keyName.toString()));
				m.put(keyName.toString(), HTMLUtil.delAllTag(str.toString()));
			} else if (request.getParameterValues(keyName.toString()) != null) {
				st = request.getParameterValues(keyName.toString());
				for (int i = 0; i < st.length; i++) {
					HTMLUtil.delAllTag(st[i]);
					m.put(keyName.toString(), HTMLUtil.delAllTag(st[i].toString()));
				}
			}
		}
		ParameterRequestWrapper wrapRequest=new ParameterRequestWrapper(request,m);
		chain.doFilter(wrapRequest, response);
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}
	
	
	
}
